1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
To create a user on the cluster do `sudo /root/ldifs/addldapuser.py`
This will end by prompting you for the LDAP password, which is the same as the normal root password.
__When creating a user:__
Make sure you have a record of the user’s having accepted the terms of use – this is a GDPR requirement
Check that you know the username that the user wants. By default this should be the LCS username,
but we allow others; obviously external users have to choose one. Please try to avoid mixed case,
non-alphanumeric characters, or names longer than about 10 characters.
Check that you know what group the user should be in.
addldapuser.py gives a list of possible groups; we need to get this right to make sure people have
access to restricted resources. Currently useful primary groups for Herts users are:
`1003` (CAR),
`1004` (CACP, formerly CAIR), 1005 (Computer Science),
`1006` (old Health and Human area, covering Life Sciences),
`1007` (PAM not otherwise covered),
`1008` (Engineering).
Please never use the default group (`1000`).
*EITHER* meet the user in person to set the password,
*OR* set the initial user password to a random, secure string, not a word or the user’s name
(I normally use `XX99xxXX` where `X`, `x` and `9` are different upper case, lower case and numeric characters)
and send the password by a separate e-mail (we don’t want a record of It in the helpdesk system).
|
